Skip to content
Percona Software for MongoDB Documentation

Rate this page
Thanks for your feedback
Thank you! The feedback has been submitted.

Get free database assistance or contact our experts for personalized support.

Get help from Percona

Percona Server for MongoDB 7.0.34-19 (2026-05-20)

Installation Upgrade from MongoDB Community

Percona Server for MongoDB 7.0.34-19 is an enhanced, source-available, and highly-scalable database that is a fully-compatible, drop-in replacement for MongoDB Community Edition.

Percona Server for MongoDB 7.0.34-19 includes the improvements and bug fixes of:

Security updates: CVE fixes from upstream MongoDB

This release includes upstream MongoDB security fixes for the following vulnerabilities:

High severity

  • SERVER-126021 (CVE-2026-8053): A vulnerability in the time-series collection implementation allows an authenticated user with write privileges to trigger an out-of-bounds memory write in the mongod process. Under certain conditions, this can lead to arbitrary code execution.

  • SERVER-122449 (CVE-2026-8199): A vulnerability in AST processing allows an authenticated user to cause excessive memory consumption using the following operators: $bitsAllSet, $bitsAnySet, $bitsAllClear, $bitsAnyClear. This can trigger out-of-memory (OOM) conditions and service unavailability.

  • SERVER-121610 (CVE-2026-8336): A vulnerability in server-side JavaScript execution allows an authenticated user to crash the mongod process through specially crafted use of $_internalJsEmit, or by manipulating the mapReduce map function in combination with $where, $function, or the mapReduce reduce stage.

Medium severity

  • SERVER-120668 (CVE-2026-8202): A vulnerability in the $trim, $ltrim, and $rtrim aggregation operators allows an authenticated user with aggregation privileges to supply specially crafted inputs that cause excessive CPU consumption, degrading database performance and availability.

  • SERVER-121895 (CVE-2026-8200): A vulnerability in schema validation error handling causes unredacted user data to be written to local server log files when insert or update operations violate schema validation rules.

Tools packaged with this release

Tool Version Release notes
MongoDB Shell (mongosh) 2.8.3 upstream release notes
Mongo Tools 100.17.0 upstream release notes